‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, May 24, 2019 2:30 PM, Jean-Francois Simon <jfsimon1...@gmail.com> 
wrote:

> Hi,
>
> Out of interest, I'd like to let you know of a specific use of OpenBSD with
> PF, in VirtualBox, 2 virtual network cards bridged to the physical NIC, and
> building up a subnet with NAT and hence running Packet Filter as the
> machine's firewall.
>
> That's the firewall I use under Win7, OpenBSD running in a VM, out of
> pure interest in running BSD and letting it purify the network access to
> the desktop (without need for additional hardware).
>
> Works well, love it.
>
> Jean-François

I like having a firewall that would pretty much require someone physically 
entering the computer room in order to attack the firewall.  With OpenBSD, your 
firewall can control your network traffic without having an IP address at all.

One thing that you could try is to use the OpenBSD VM as the firewall, but 
don't assign any IP address to the firewall.  The Win7 VM would have the actual 
IP address, but the OpenBSD VM would control the network.

If I ever get around to getting enough IPv4 addresses so that I don't need a 
NAT, I'll go back to isolating access to the firewall with this approach.

I am curious if there is any way to attack the firewall if it has no IP 
addresses.

W
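
The address-less firewall described in the reply above, sketched as an added example that is not part of the original message: an OpenBSD bridge(4) between two NICs with PF filtering on one side. The interface names em0/em1 and the rule set are assumptions chosen for illustration.

```conf
# --- /etc/hostname.em0  (outside-facing NIC; name is an assumption) ---
# Bring the interface up without any "inet" line, so it gets no address.
up

# --- /etc/hostname.em1  (inside-facing NIC; name is an assumption) ---
up

# --- /etc/hostname.bridge0 ---
# Join both NICs into one layer-2 bridge. blocknonip drops frames that
# are not IPv4, IPv6, ARP or RARP. Nothing here assigns an IP address.
add em0 add em1 blocknonip em0 blocknonip em1 up

# --- /etc/pf.conf ---
ext_if = "em0"
int_if = "em1"

# Drop silently instead of answering blocked packets.
set block-policy drop

set skip on lo
# A bridged packet crosses both member interfaces; filter it once,
# on ext_if, and let it through int_if untouched.
set skip on $int_if

# Default deny; with the skip above this applies to ext_if only.
block drop log all

# Connections opened by inside hosts leave via ext_if; the state
# created here lets the replies back in.
pass out on $ext_if inet
```

With no address on any interface there is no sshd or other service to reach over the network, so a box set up this way is administered from its console.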
